[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1411-1] tiff security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : tiff
Version        : 4.0.3-12.3+deb8u6
CVE ID         : CVE-2017-11613 CVE-2018-5784 CVE-2018-7456
                 CVE-2018-8905 CVE-2018-10963
Debian Bug     : 869823 898348 890441 891288 893806

Several issues were discovered in TIFF, the Tag Image File Format
library, that allowed remote attackers to cause a denial-of-service or
other unspecified impact via a crafted image file.

CVE-2017-11613: DoS vulnerability
    A crafted input will lead to a denial of service attack. During the
    TIFFOpen process, td_imagelength is not checked. The value of
    td_imagelength can be directly controlled by an input file. In the
    ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc
    function is called based on td_imagelength. If the value of
    td_imagelength is set close to the amount of system memory, it will
    hang the system or trigger the OOM killer.

CVE-2018-10963: DoS vulnerability
    The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF
    allows remote attackers to cause a denial of service (assertion
    failure and application crash) via a crafted file, a different
    vulnerability than CVE-2017-13726.

CVE-2018-5784: DoS vulnerability
    In LibTIFF, there is an uncontrolled resource consumption in the
    TIFFSetDirectory function of tif_dir.c. Remote attackers could
    leverage this vulnerability to cause a denial of service via a
    crafted tif file.
    This occurs because the declared number of directory entries is not
    validated against the actual number of directory entries.

CVE-2018-7456: NULL Pointer Dereference
    A NULL Pointer Dereference occurs in the function TIFFPrintDirectory
    in tif_print.c in LibTIFF when using the tiffinfo tool to print
    crafted TIFF information, a different vulnerability than
    CVE-2017-18013. (This affects an earlier part of the
    TIFFPrintDirectory function that was not addressed by the
    CVE-2017-18013 patch.)

CVE-2018-8905: Heap-based buffer overflow
    In LibTIFF, a heap-based buffer overflow occurs in the function
    LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as
    demonstrated by tiff2ps.

For Debian 8 "Jessie", these problems have been fixed in version
4.0.3-12.3+deb8u6.

We recommend that you upgrade your tiff packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAls6O4dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQ6AhAAh8ft5iIBkGbNw6oaijIXkD7q03dNdrLykXKiAotg5VYxO8aOV1gFdsw8
f/c1F4wUhaTnxv1AIAPzYbJPezt7wuihlQ3JkdjZuIaUS+30b9+ytPlYI5+4irao
kQQQklI1cG8z0MHPp7KXmy7cHAKtsSJ6IP9T8InWWSz3FQZBi+Z3bCy9Qk7XK91R
wj4c1cgzV0C/tRfErbAMJBW7e/pf+IlS7t+tSmL4OergLLoSr6a+eXXgE3kkoGWd
quKB+7qh6IbBVUBm001AS5cT7VdxAAqemjk13uOuekyOItsxDblCST2WgfVdCv8R
Bh+jWqte6Su/aXp986IZLAey+METNJK81KD6aNcIsrlJO4H+5Yr3n1+V+ggdYgZz
Y+sxEnMv1fo1PI1dmPSrrEmS+NZ0IeguuZ8Pc/XLw9YlIHjuWM4zpU6mM4qWEFUq
q49UqFjWcqV/K+0FPJRkOidsXZo7+YmGaIUO5xi07U7EZVWM4z7hLYl528wX6D06
8VdVvqFfA4/xsjcsasExDXubdWzFf/Aj9XJVh5DCZNjzST3s1QRtLV8uuvGVhKQc
f0vj7ai6KzwfMfLUXadKvUakKmXR96EW3BidIyQUxNTgAX0lKvobCBm4KATqOfDl
9rTPQdhRIBbV8B/XyvPGRI/gHuumyK95HGyoKit0ppRo5DrRdvA=
=nbS2
-----END PGP SIGNATURE-----


Reply to: